As generative AI tools like OpenAI ChatGPT and Google Bard continue to dominate the headlines—and pundits debate whether the technology has taken off too quickly without necessary guardrails—cybercriminals are showing no hesitance in exploiting them.
The threat actor targets government and diplomatic entities in the CIS. The few victims discovered in other regions (Middle East or Southeast Asia) turn out to be foreign representations of CIS countries, illustrating Tomiris’s narrow focus.
The more severe of the two issues is CVE-2022-36963 (CVSS score of 8.8), which is described as a command injection bug in SolarWinds’ infrastructure monitoring and management solution.
ViperSoftX, a type of information-stealing software, has been primarily reported as focusing on cryptocurrencies, making headlines in 2022 for its execution technique of hiding malicious code inside log files.
The impacted product provides a data interface between remote field devices and the control center through a cellular network. According to CISA, the product is used worldwide in industries such as energy, transportation, and water and wastewater.
Across all industries, these vulnerabilities, composed of unprotected or compromised assets, data, and credentials, have proven to be an increasing challenge for organizations to detect and secure.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three security flaws in MinIO, PaperCut, and Google Chrome, respectively, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
“The attackers also deployed DaemonSets to take over and hijack resources of the K8s clusters they attack,” cloud security firm Aqua said in a report shared with The Hacker News.
While the Cyware team is thrilled with this significant opportunity, it also represents another step forward in its mission to enable Collective Defense across a wide range of communities.
An employee at the Consumer Financial Protection Bureau sent confidential data about hundreds of thousands of consumer accounts to their personal email, the agency told CNN on Thursday.